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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S. C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )S Responsive to communication(s) filed on 01 October 2007 . 
2a)D This action is FINAL. 2b)[3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 21 3. 

Disposition of Claims 

4) [3 Claim(s) 1-21 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^] Claim(s) 1-21 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
aOAII b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3-D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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1 ) [^Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Pa P er No(s)/Mail Date. . 

3) M Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of '"forma! Patent Application 

Paper No(s)/Mail Date 8/31/2007 . 6) □ Other: . 
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DETAILED ACTION 

1 . This communication is responsive to the amendment filed 1 0/01/2007. 
Claims 1-21 are currently pending in this application. 

Applicant has filed a Terminal Disclaimer to obviate the double patenting rejection over 
U.S. Pat. No. 7,228,563. The prior double patenting rejection is withdrawn. 

It is noted that applicant has other related applications (e.g., U.S. Application No. 
10/360,341 filed on 02/06/2003 and U.S. Patent No. 7,287,281 filed on 06/17/2003). It is 
requested that any related application be referred to in the first sentence of the 
specification. Applicant is also requested to supply the serial numbers of any other 
related applications currently pending before the U.S Patent & Trademark Office. 

Double Patenting 

2. The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. See In re Goodman, 1 1 F.3d 
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1046, 29 USPQ2d 2010 (Fed. CIT. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 
(Fed. Cir. 1985); In re van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re 
Uogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 
163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 C.F.R.' 1.321(b) would 
overcome an actual or provisional rejection on this ground provided the conflicting 
application or patent is shown to be commonly owned with this application. See 37 
C.F.R. 1 1.78(d). 

Effective January 1 , 1994, a registered attorney or agent of record may sign a terminal 
disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 
3.73(b). 

Claims 1-21 are rejected on the ground of nonstatutory obviousness-type double 
patenting as being unpatentable over claims 1-18 of U.S. Pat. No. 7, 287, 281. 

Although the conflicting claims are not identical, they are not patentably distinct from 
each other because the claims of the instant application and the claims of patent'281 are 
claiming common subject matter, if not identical subject matter. The differences between 
the claims in the instant application and the claims in the patent'281 would have been 
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obvious to a person of ordinary skill in the art at the time the invention was made, since 
the claims in the instant application represent the invention in broader scope. 



Claims 1-21 are rejected on the ground of nonstatutory obviousness-type double 
patenting as being unpatentable over claims 1, 4-6, 10-21, 24-26, and 28-38 of U.S. 
Application No. 10/360,341. 

Although the conflicting claims are not identical, they are not patentably distinct from 
each other because the claims of the instant application and the claims of application'341 
are claiming common subject matter, if not identical subject matter. The differences 
between the claims in the instant application and the claims in the application'341 would 
have been obvious to a person of ordinary skill in the art at the time the invention was 
made, since the claims in the instant application represent the invention in broader scope. 

This is a provisional obviousness-type double patenting rejection because the conflicting 
claims have not in fact been patented. 
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Claim Rejections - 35 USC § 102 



3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in ( 1 ) an application for patent, published under section 1 22(b), by another filed in the United States 
before the invention by the applicant for patent or (2) a patent granted on an application for patent by another filed in the United States 
before the invention by the applicant for patent, except that an international application filed under the treaty defined in section 351(a) 
shall have the effects for purposes of this subsection of an application filed in the United States only if the international application 
designated the United States and was published under Article 21(2) of such treaty in the English language. 



Claims 1-21 are rejected under 35 U.S.C. 102(e) as being anticipated by Cross et al. (US 
6910142 B2). 



As to claim 1: 

Cross teaches a method comprising: stalling a call to an operating system function 
originating from a call module; and determining whether said call module is in a driver 
area of a kernel address space of a memory (see Figs.2-5 and col. 3, line 32-col.6, line 51). 



As to claim 2: 

Cross teaches determining that said call module is not in said driver area during said 
determining (see col.l, line 60-col.3, line 1 1 ; see also, Figs.2-5). 
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As to claim 3: 

Cross teaches taking protective action to protect a computer system (see col.l , line 60- 
col.3, line 1 1 ; see also, Figs.2-5). 

As to claim 4: 

Cross teaches providing a notification that said protective action has been taken (see 
col.l, line 60-coL3, line 11; see also, Figs.2-5). 

As to claim 5: 

Cross teaches terminating said call (see col.l, line 60-col.3, line 1 1; see also, Figs.2-5). 
As to claim 6: 

Cross teaches terminating a parent application comprising said call module (see col.l, 
line 60-col.3, line 1 1; see also, Figs.2-5). 

As to claim 7: 

Cross teaches determining whether said call module is a known false positive module 
(see col.l, line 60-col.3, line 1 1; see also, Figs.2-5). 
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As to claim 8: 

Cross teaches determining that said call module is in said driver area during said 
determining module (see col.l, line 60-col.3, line 1 1; see also, Figs.2-5). 

As to claim 9: 

Cross teaches stalling said call (see col.l, line 60-col.3, line 1 1; see also, Figs.2-5). 
As to claim 10: 

Cross teaches determining that said call module is in said driver area during said 
determining; and allowing said call to proceed (see col.l, line 60-col.3, line 1 1; see also, 
Figs.2-5). 

As to claim 11: 

Cross teaches determining a location of said call module in said kernel address space of 
said memory (see col.l, line 60-col.3, line 1 1; see also, Figs.2-5). 

As to claim 12: 

Cross teaches determining if a last mode of operation is a kernel mode (see col.l, line 60- 
col.3, line 1 1 ; see also, Figs.2-5). 
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As to claim 13: 

Cross teaches disabling loading and unloading of drivers into said kernel address space 
(see col.l, line 60-col.3, line 1 1 ; see also, Figs.2-5). 

As to claim 14: 

Cross teaches subsequent to said determining whether said call module is in a driver area 
of a kernel address space of a memory, enabling loading and unloading of said drivers 
into said kernel address space (see col.l, line 60-col.3, line 1 1; see also, Figs.2-5). 



As to claim 15: 

Cross teaches said driver area is static (see col.l, line 60-col.3, line 1 1; see also, Figs.2- 
5). 

As to claim 16: 

Cross teaches said driver area is dynamic (see col.l, line 60-col.3, line 1 1 ; see also, 
Figs.2-5). 



As to claim 17: 

Cross teaches keeping said driver area updated as drivers are loaded and unloaded from 
said kernel address space (see col.l, line 60-col.3, line 1 1; see also, Figs.2-5). 
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As to claim 18: 

Cross teaches hooking driver load and unload functions; obtaining loaded driver 
information; determining a driver area in a kernel address space of a memory; and 
determining whether a driver has been loaded into or unloaded from said kernel address 
space, wherein upon a determination that said driver has been loaded into or unloaded 
from said kernel address space, said method further comprising updating said driver area 
(see Figs.2-5 and col. 3, line 32-col.6, line 51). 



As to claim 19: 

Cross teaches stalling a call to an operating system function originating from a call 
module; and determining whether said call module is in said driver area (see col.l, line 
60-col.3, line 1 1 ; see also, Figs.2-5). 

As to claim 20: 

Cross teaches said driver area is dynamic (see col.l, line 60-col.3, line 1 1; see also, 
Figs.2-5). 

As to claim 21: 

Cross teaches a computerrprogram product comprising a computer readable medium 
containing computer code comprising: a malicious code blocking application for stalling 
a call to an operating system function originating from a call module; and said malicious 
code blocking application further for determining whether said call module is in a driver 
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area of a kernel address space of a memory (see Figs.2-5 and col. 3, line 32-col.6, line 51). 

Response to Arguments 

4. Applicant's arguments filed on 1 0/01/2007 have been considered but are moot in view of 
the new ground(s) of rejection. 

During patent examination, the pending claims must be "given their broadest reasonable 
interpretation consistent with the specification." In re Hyatt 21 1 F.3d 1367, 1372, 54 
USPQ2d 1664, 1667 (Fed. Cir. 2000). Applicant always has the opportunity to amend 
the claims during prosecution, and broad interpretation by the examiner reduces the 
possibility that the claim, once issued, will be interpreted more broadly than is justified. 
In re Prater, 415 F.2d 1393, 1404-05, 162 USPQ 541, 550-51 (CCPA 1969). See also In 
re Zletz, 893 F.2d 319, 321-22, 13 USPQ2d 1320, 1322 (1989) "During patent 
examination the pending claims must be interpreted as broadly as their terms reasonably 
allow.... The reason is simply that during patent prosecution when claims can be 
amended, ambiguities should be recognized, scope and breadth of language explored, and 
clarification imposed.... An essential purpose of patent examination is to fashion claims 
that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of 
claim scope be removed, as much as possible, during the administrative process." 

Applicant should set forth claims in language that clearly, distinctly, unambiguously, and 
uniquely define the invention. 
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Contact Information 



5. Any inquiry or a general nature or relating to the status of this application should 
be directed to the TC 2100 Group receptionist: (571) 272-2100. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to VAN H. NGUYEN whose telephone number is (571) 
272-3765. The examiner can normally be reached on Monday-Thursday from 8:30AM 
6:00PM. The examiner can also be reached on alternative Friday. If attempts to reach the 
examiner by telephone are unsuccessful, the examiner's supervisor, WILLIAM 
THOMSON can be reached at (571) 272-3718. 

The fax phone number for the organization where this application or proceeding is 
assigned is (571) 273-8300. 



Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



^^^^ 



VAN H.NGUYEN 
PRIMARY EXAMINER 



